Silverlight Authorisation Dataportal LocalProxy

Silverlight Authorisation Dataportal LocalProxy

Old forum URL:

Adalton4 posted on Monday, February 06, 2012

After optimising our DataPortal.Create statements to ProxyModes.LocalOnly where appropriate, we encountered the following:

We had to explicitely add the Permission check to get the same behaviour from the Remote DataPortal, which throws an exception. Without explicitely checking for authorisation, we ended up with a created object who was not saveable.


Is this an oversight from my part somewhere, as it would not seem logical to me.

















public static void CreateRoot(EventHandler<DataPortalResult<SeverityEdit

>> callback)





// Explicitly Add Authorisation Check




if (!Csla.Rules.BusinessRules.HasPermission(Csla.Rules.AuthorizationActions.CreateObject, typeof(SeverityEdit





throw new System.Security.SecurityException("UserNotAuthorizedException/" + Csla.Rules.AuthorizationActions.CreateObject.ToString() + "/" + typeof(SeverityEdit









DataPortal.BeginCreate<SeverityEdit>(callback, DataPortal.ProxyModes













//DataPortal.BeginCreate<SeverityEdit>(callback, DataPortal.ProxyModes.Auto); // Via the Server Side DataPortal, authorisation is automatic









public static void






BusinessRules.AddRule(typeof(SeverityEdit), new IsInRole(AuthorizationActions








RockfordLhotka replied on Monday, February 06, 2012

You are saying that the local data portal in Silverlight doesn't automatically check the per-type authorization rules?

Adalton4 replied on Monday, February 06, 2012



It is possible to create an object via the local dataportal. It isn't saveable, but the behaviour is inconsistent with that of the remote dataportal wich raises an exception.


RockfordLhotka replied on Monday, February 06, 2012

OK, I'll add this to the bug list. Thank you!

Copyright (c) Marimer LLC